RSS   Vulnerabilities for 'WAY4'   RSS

2021-10-11
 
CVE-2021-35059

CWE-79
 

 
OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.

 
 
CVE-2021-35060

CWE-209
 

 
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.

 


Copyright 2021, cxsecurity.com

 

Back to Top